AWS EC2运行实例：base64编码的用户数据blob被忽略

Question

My base64 encoded user-data is ignored while running aws ec2 run-instances command.

Here is my user data:

$ cat user-data.sh 
#!/bin/bash
cat >> /var/tmp/user-data-testing <<EOF
this is test line added at $(date)
EOF

here is base64 blob of above script:

IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==

Now, My below command does read the user-data fine:

aws ec2 run-instances --image-id ami-8635a9b6 --instance-type t1.micro --placement AvailabilityZone=us-west-2a --security-groups quicklaunch-1 --key-name devops --user-data file://user-data.sh

I do see that file /var/tmp/user-data-testing is created.

However, when I try to pass-in user-data as a base64 encoded blob as below, then it gets ignored:

aws ec2 run-instances --image-id ami-8635a9b6 --instance-type t1.micro --placement AvailabilityZone=us-west-2a --security-groups quicklaunch-1 --key-name devops --user-data IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==

Now, I do not see the file /var/tmp/user-data-testing created.

Also, I know that my base64 blob is healthy as I can decode it fine:

$ base64 --decode <<< IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==
#!/bin/bash
cat >> /var/tmp/user-data-testing <<EOF
this is test line added at $(date)
EOF

However, I do see that instance metadata has my user data in base64 format:

$ curl -L http://169.254.169.254/latest/user-data/
IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==

So, what am I doing wrong in using base64 user-data blob?

My instance meta-data is aware of it but seems like it is not really being executed (or decoded and executed) at the time of instance launch.

UPDATE:

If I pass the same base64 blob via AWS Console while launching the instance, It works. So seems like something is wrong in the way I am using it along with AWS-CLI .

UPDATE:

I just tried the same base64 blob with my ruby code as below and it worked as well:

ec2 = Aws::EC2.new
resp = ec2.run_instances(
    min_count: 1,
    max_count: 1,
    image_id: 'ami-8635a9b6',
    instance_type: 't1.micro',
    placement: {
      availability_zone: 'us-west-2a'
    },
    security_groups: ['quicklaunch-1'],
    key_name: 'devops',
    user_data: 'IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg=='
)

So, then WTF is wrong my implementation of AWS-CLI ?

Answer 1

It seems like awscli does the base64 encoding for you, so you should pass unencoded text to --user-data.

Apparently the documentation is not very clear on this. Check this link .

This syntax should then be:

aws ec2 run-instances --image-id ami-8635a9b6 --user-data "echo TEST"

or

aws ec2 run-instances --image-id ami-8635a9b6 --user-data file://path/to/file

Answer 2

Had the same issue, very frustrating to track down the problem, finally got it working. did not base64 encode did put script in file.

placing seems to be important worked for me only when --user-data file://path is placed at the end

This format worked obviously change the some data to yours

aws ec2 run-instances --image-id amisomthing --count 1 --instance-type t1.micro --key-name keysomthing --security-group-ids somegroup --subnet-id somesubnetid --associate-public-ip-address --user-data file://someuserdata

Answer 3

根据docs http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html，base64仅用于API调用，不适用于CLI